Discussions on software purchasing, licences and the need for Software Asset Management (SAM), usually begins from a position of chaos. With so many day-to-day activities and pressure to complete work, deadlines to meet and a whole ream of other reasons, the purchasing of software licences often finds its way to the end of a long list of things to do. Once the current work has been completed, and the priorities have changed, purchasing a licence can easily fall by the wayside. Software remains installed for others to use and becomes a de facto part of the corporate estate without further consideration; just one example of how unlicensed software accumulates within organisations. In essence, software licence chaos evolves through a combination of ignorance, negligence and bad management.
Other factors which contribute towards allowing this to happen include:
- The lack of control over who can download and install software – Everyone having administrator permission over their desktop is more common than people would care to admit. Combined with unrestricted internet access, is a recipe for software to be downloaded and installed as needed without giving software licensing a second thought.
- Lack of business processes around software installations – restricting internet access and permissions on desktops will prevent users from downloading software and installing it. Still, without processes in place for the management of software requirements by the business, the default position is for a business user to ask an administrator to install the software. The higher the number of problems and support activities, the higher the likelihood is of this happening automatically without thinking about software licenses.
- The lack of vendor control over software usage – there are many different ways in which vendors can implement software to exercise control over software usage; however, not all methods are effective. Combined with insufficient control over software installations and by whom, contributes significantly to the use of unlicensed software.
Implementing control of software licenses needs to fall into the following programmes of work:
- Tactical work to clean up the environment of unlicensed software
- Strategic implementation of systems and processes to keep software under control, in essence, corporate-wide implementation of Software Asset Management
Demonstrating that both tactical and strategic works are taking place, along with an agreement that a true-up will take place upon determining actual usage and licence shortfalls, will often satisfy software vendors and avoid legal entanglements.
Robert is an information security consultant with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through LinkedIn.